WannaCrypt Virus Epidemic Stopped by Abracadabra
The security expert with the Twitter handle @MalwareTechBlog stopped the WannaCrypt virus epidemic simply by registering an unreadable domain name. As he confessed, “…I was unaware registering the domain would stop the malware until after I registered it, so initially it was accidental”.
The expert discovered a very curious line in the virus code. It tells the virus to quit if a request to a specific domain succeeds. The particular name was iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com. Obviously, just a string of letters typed at random. But he just did it: he registered the domain and got thousands of requests from infected computers within minutes. And the virus stopped spreading from the infected machines!
The hackers must have been very smug about their resourcefulness. You see, the conditional, or if-then, statement is a basic building block of any programming language. It sets the condition under which some action happens. For instance, you have to take all the toy bricks from one box and put them into another. What do you do? You look into box #1 to see if there are any bricks left. If there are some, or just one, you pick up a brick, put it into box #2 and repeat the whole thing until box #1 is empty. The cycle is over. Done. In computer language it goes like this: if bricks ≥ 1, then move one to box #2; if bricks = 0, then stop.
WannaCrypt queries one and the same non-existent domain to decide whether it can keep spreading. The response that had been coming back until recently was NO, there’s no such domain. And the virus went on gallivanting. And then oops! The domain iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com came into existence! The virus stopped.
Thus, by setting up a sinkhole to study the virus’s behavior, MalwareTechBlog stopped the epidemic!
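Added example, not part of the original article: one way a defender could use the check described above to find machines on a network that are still calling the kill-switch domain. The log format, the sample lines and the function names are assumptions made for the illustration, and a successful DNS answer is used as a stand-in for the request succeeding.

```python
from collections import defaultdict

# Kill-switch domain exactly as quoted in the article.
KILL_SWITCH = "iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com"

# Constructed sample lines in an assumed format: <time> <client> <qname> <rcode>
SAMPLE_LOG = """\
2017-05-13T09:01:12Z 10.0.4.17 www.example.org. NOERROR
2017-05-13T09:01:15Z 10.0.4.23 IUQERFSODP9IFJAPOSDFJHGOSURIJFAEWRWERGWEA.com. NXDOMAIN
2017-05-13T09:02:40Z 10.0.4.23 iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com NOERROR
2017-05-13T09:03:02Z 10.0.7.5 www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com. NXDOMAIN
2017-05-13T09:03:30Z 10.0.9.9 notiuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com. NOERROR
malformed line
"""

def normalize(qname):
    """Lower-case and drop the trailing root dot so comparisons are exact."""
    return qname.strip().rstrip(".").lower()

def is_kill_switch(qname):
    """Match the domain itself or a subdomain of it, never a look-alike suffix."""
    name = normalize(qname)
    return name == KILL_SWITCH or name.endswith("." + KILL_SWITCH)

def triage(log_text):
    """Return {client_ip: status} for every client that queried the domain.

    Any client listed here is a suspected infected machine.
    'resolved'   - at least one lookup got a positive answer.
    'unresolved' - every lookup failed, i.e. the client got the answer NO,
                   which per the article means the virus keeps going.
    """
    answers = defaultdict(list)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip lines that do not fit the assumed format
        _, client, qname, rcode = parts
        if is_kill_switch(qname):
            answers[client].append(rcode.upper() == "NOERROR")
    return {c: ("resolved" if any(ok) else "unresolved") for c, ok in answers.items()}

if __name__ == "__main__":
    for client, status in sorted(triage(SAMPLE_LOG).items()):
        print(client, status)
```

A client reported as unresolved never received a positive answer, for example because the name is blocked locally, so the quit condition was not met on that machine.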
It didn’t take hours of typing in front of black displays with myriads of green lines running. Until the domain is revoked, WannaCrypt is completely harmless! That’s what I call the Bruce Willis style of rescuing the world.
The animated world map, Wannacry Ransomware Map, shows the scale of the cyber attack. The map does not show every particular computer attacked but rather the overall scale. The data was collected via one of the domains the blog took control of. The attack began at one and the same time around the globe, and Europe seems to have suffered most. The USA is relatively OK, but we’ll see; the info is being updated.
What can you do to stay safe in the future? First, remember to install all the patches and updates Microsoft provides. Second, remember to update your antivirus software. Third, regularly back up critical files to hard drives or another computer with NO internet access.
Man Who Stopped WannaCry Outbreak Arrested in USA
Text updated on August 8, 2017
In May the world was shaken by the outbreak of the cruelest ransomware, WannaCry. The name of the malware was very much to the point, as it made people cry across the world. This was the first time public facilities were hit and suffered malfunctions.
WannaCry’s march was stopped dead by a digital security expert under the alias of @MalwareTechBlog. He just registered the domain name the virus contacted, and this turned out to be its kill switch. By now you must know that the expert’s name is actually Marcus Hutchins, 22. He is a British national, and on Wednesday he was arrested by US Marshals at Las Vegas airport. A Justice Department spokesperson has confirmed it on the phone.
Mr. Hutchins came to our country to attend the Def Con conference in Las Vegas. The indictment was dated July 11, two weeks previously. “The charges against Hutchins, and for which he was arrested, relate to alleged conduct that occurred between in or around July 2014 and July 2015,” said the spokesperson.
The indictment has to do not with the WannaCry ransomware but with the Kronos malware. Kronos can steal credentials, target legitimate banking websites, and evade antivirus detection and sandbox environments. It can be built into every browser, since it uses the vulnerabilities in them. Mr. Hutchins and another, still unnamed, defendant are accused of selling the malware on the dark-web marketplace AlphaBay.
The marketplace is now defunct, and its founder and operator, Alexandre Cazes, is dead.
Such are the facts. And here we enter a moral grey zone, like the one that existed a long time ago in the Wild West, when gunfighters swapped sides every week, were now bandits and now sheriffs, and the ways of both were hard to tell from one another. Surely, one doesn’t start an expert’s career in digital security without any experience at all. But on which side of the law the experience is gained is another question. Should we turn a blind eye to the past of Mr. Hutchins and other ex-hackers, now security experts, or should we crack down on web criminals no matter what?